package com.oscar.web.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
public class MySecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //拦截所有URL的访问，将不具备USER角色的用户将被导航到登录页
        http.authorizeRequests()
                .antMatchers("/books/collect").hasAnyRole("USER")
                .antMatchers("/books/to_eva").hasAnyRole("USER")
                .antMatchers("/books/evlute").hasAnyRole("USER")
                .antMatchers("/user/recommender").hasAnyRole("USER")
                .antMatchers("/test").hasAnyRole("USER")
                .and().formLogin();    //formLogin()hasAnyRole("USER") ; //;
        //设置用户登录注销
        http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    }

}
